Study Commissioned by Palo Alto Networks Also Shows IT Security Chiefs Welcome EU Legislation, Yet Are Worried About Costs and Operational Strains
13 October 2016 – The received wisdom is that European IT security professionals are under overbearing pressure from adversaries when it comes to cybersecurity. Yet a new, in-depth, independent study commissioned for Palo Alto Networks into current attitudes reveals a profession that is more determined and confident than might be expected.
The real tensions in their working life are the difficult conversations IT security managers must have with their senior management bosses on the fallout from attacks. Also highlighted in the report is a need to ramp up systems and processes for the comprehensive breach reporting required in the European Union General Data Protection Regulation (GDPR) and Network and Information Security (NIS) Directive.
Furthermore, years of cyberattacks have not left IT security professionals reeling; instead they are more experienced and determined to prevent attacks. When asked about the impact of a cyber incident on them, the majority (60 percent) said it provided them with an opportunity to learn from the experience and bounce back stronger; only nine percent said that it would lead to their job termination. Taking a strong preventative posture is the overwhelming strategy with, on average, 65 percent of the IT security budget allocated to it across Europe.
Where IT security professionals are less sure is with their relationships with senior management:
“The tensions and gaps in understanding illustrated by this study are apparent. As I talk to companies across EMEA, I spend a lot of time helping them determine how IT security professionals and the rest of the senior management team can get closer on cybersecurity issues that are so serious and strategic. Technology can help in simplifying the processes involved, preventing and automating effective responses to incidents. But it’s clear that there needs to be more open dialogue within the senior management team to execute and continually improve on cyberattack prevention strategies.” Greg Day, vice president and regional chief security officer, EMEA, Palo Alto Networks